HackDig : Dig high-quality web security articles for hackers

Android App Leaks Microsoft Exchange Server User Credentials

An Android app that allows corporate users to connect to their own Microsoft Exchange Server installations leaks user credentials, which can be easily decoded to their cleartext version. Microsoft Exchange Server is an email and calendaring server developed by Microsoft that runs only on Windows Server. Companies deploy it to run their own private email serve
Publish At:2016-10-14 18:25 | Read:3935 | Comments:0 | Tags:Security Fixes and Improvements

Some Yahoo Users Exposed to Hacking Due to Bug in Yahoo Mail iOS App

A password-pinning bug in the Yahoo Mail iOS app might leave users exposed to hacking and unaware that someone could have taken over their accounts, even if they changed their passwords, as Yahoo recommended in its recent data breach alert. "Upon investigating, it became clear that Yahoo had issued a permanent credential to the device," said the Trend
Publish At:2016-10-01 01:20 | Read:5368 | Comments:0 | Tags:Security Fixes and Improvements IOS

Flaws in Kerio Firewalls Let the Bad Guys Through

A series of bugs discovered in Kerio Control firewalls allow external attackers to hack into a company's internal network just by tricking employees into accessing a malicious link. SEC Consult, a company that provides security consultancy services, has discovered the flaws in Kerio Control, a high-tech full security system that provides a network firewal
Publish At:2016-09-22 16:20 | Read:4206 | Comments:0 | Tags:Security Fixes and Improvements

Even Google Search Suffers from XSS Flaws

French security researcher Issam Rabhi has identified a cross-site scripting (XSS) vulnerability in Google's Search interface, something that many have thought to be impossible after so many years of probing by other security experts. The reason why Rabhi managed to identify this "unicorn" is because the issue wasn't in Google's classic
Publish At:2016-09-15 01:30 | Read:4248 | Comments:0 | Tags:Security Fixes and Improvements Xss

Microsoft Patches IE and Edge Zero-Day Used in Massive Malvertising Campaign

Microsoft's security team finally addressed a zero-day vulnerability that affected both Internet Explorer and Edge and which was used for almost two years in a massive malvertising campaign exposed last month by Proofpoint security researchers. The zero-day, tracked as CVE-2016-3351, allowed the people behind this malvertising campaign to avoid security p
Publish At:2016-09-15 01:30 | Read:4969 | Comments:0 | Tags:Security Fixes and Improvements

Microsoft Fixes Critical Flaw in OS Hooking Engine

Microsoft's September Patch Tuesday security update includes a fix for a critical problem reported by enSilo researchers that affects hundreds of Windows applications, including Microsoft's own line of products. In infosec circles, the vulnerability has been affectionately named Captain Hook, based on the name of the presentation given by enSilo
Publish At:2016-09-14 07:15 | Read:4792 | Comments:0 | Tags:Security Fixes and Improvements

WordPress 4.6.1 Security Update Is Out, Time to Update Peeps

The WordPress.org team has released version 4.6.1 of the WordPress CMS, which fixes 2 security issues and 15 bugs related to the application's regular functions. The WordPress team recommends that site administrators update their installations as soon as possible, WP 4.6.1 being considered a security release. The first of the two security-related issues fi
Publish At:2016-09-08 23:30 | Read:4191 | Comments:0 | Tags:Security Fixes and Improvements

New Android Security Patch Level System Is a Convoluted Mess

Google has released today the September edition of the Android Security Bulletin, which, starting this month, features a new three-level patching string system that is extremely confusing, even for Android professionals. The "Android security patch level" string is a setting in the phone's "About" section that tells you the date of the
Publish At:2016-09-07 11:00 | Read:4151 | Comments:0 | Tags:Security Fixes and Improvements

Google Fixes Nexus 5X Flaw That Allowed Attackers to Dump Phone Memory via USB

Google has fixed a vulnerability in the Nexus 5X Android images that would have allowed an attacker to dump the phone's memory and extract sensitive information via a USB port. The vulnerability was discovered by IBM's X-Force team and affected Android images deployed only on LG Nexus 5X devices. The vulnerable versions are 6.0 MDA39E through 6.0.1 MM
Publish At:2016-09-02 03:10 | Read:4358 | Comments:0 | Tags:Security Fixes and Improvements

Firefox Adds Protection for MIME Confusion Attacks

Starting with Firefox 50, the browser will feature improved mitigation against MIME confusion attacks, preventing a threat actor from disguising malicious code as other files, mostly images. Whenever the browser receives a file from the server, Firefox will check the server response for the Content-Type header, which tells it what kind of file it downloaded,
Publish At:2016-08-27 00:55 | Read:4839 | Comments:0 | Tags:Security Fixes and Improvements

Cisco Patches Zero-Day Included in Shadow Brokers Leak

Cisco released two security advisories today, both addressing exploits recently dumped online by The Shadow Brokers, a group/individual selling hacking tools stolen from the Equation Group, a cyber-espionage group believed to have ties with the US National Security Agency (NSA). Hacking tools from The Shadow Brokers leak named EPICBANANA, JETPLOW, and EXTRABA
Publish At:2016-08-17 21:25 | Read:3588 | Comments:0 | Tags:Security Fixes and Improvements

Chrome and Firefox Affected by Simple URL Spoofing Bug That Facilitates Phishing

Security researcher Rafay Baloch has discovered a simple way to defeat several browser security features and spoof URLs in the browser address bar using a very, very simple trick. At the time of writing, Google and Mozilla have fixed the issue, but Baloch said that other vendors are still working on getting this corrected. The researcher also revealed he rece
Publish At:2016-08-17 03:05 | Read:4251 | Comments:0 | Tags:Security Fixes and Improvements

Annoying "Open PDF in Edge" Default Option Puts Windows 10 Users at Risk

Microsoft has released today its monthly security patch, and one of the five security bulletins labeled as critical concerns a remote code execution (RCE) flaw in its standard PDF rendering library that could be exploited when opening PDF files. The issue, tracked as CVE-2016-3319, is found in the Microsoft Windows PDF Library, the default Windows utility use
Publish At:2016-08-10 06:35 | Read:4727 | Comments:0 | Tags:Security Fixes and Improvements

QuadRooter Android Security Bugs Affect over 900 Million Devices

A set of four vulnerabilities in Qualcomm chipsets allows an attacker to gain root-level access on Android devices, which, according to the latest statistics, are found in over 900 million tablets and smartphones. The four vulnerabilities have been disclosed today at the DEF CON 24 security conference in Las Vegas by a team of Check Point researchers. The four
Publish At:2016-08-07 23:30 | Read:4909 | Comments:0 | Tags:Security Fixes and Improvements

Adobe AEM Vulnerability Leads to RCE on Microsoft Servers

Security researcher Peter Adkins has managed to gain access to one of Microsoft's servers after using a security flaw he discovered in Adobe AEM in late 2015. Adkins' story stands as proof once again that in most cases, and especially in the real world, attackers tend to combine flaws in multiple projects to gain access to a company's servers. During
Publish At:2016-08-04 04:10 | Read:3058 | Comments:0 | Tags:Security Fixes and Improvements Vulnerability
